Set DAG network compression to enabled.
DAG network encryption
DAGs support the use of encryption by leveraging the encryption capabilities of the Windows Server operating system. DAGs use Kerberos authentication between Exchange servers. Microsoft Kerberos security support provider (SSP) EncryptMessage and DecryptMessage APIs handle encryption of DAG network traffic. Microsoft Kerberos SSP supports multiple encryption algorithms. (For the complete list, see section 3.1.5.2, "Encryption Types" of
Kerberos Protocol Extensions). The Kerberos authentication handshake selects the strongest encryption protocol supported in the list: typically Advanced Encryption Standard (AES) 256-bit, potentially with a SHA Hash-based Message Authentication Code (HMAC) to maintain integrity of the data. For details, see
HMAC.
Network encryption is a property of the DAG and not a DAG network. You can configure DAG network encryption using the
Set-DatabaseAvailabilityGroup cmdlet in the Shell. The possible encryption settings for DAG network communications are shown in the following table.
DAG network communication encryption settings
Setting | Description |
Disabled | Network encryption isn't used. |
Enabled | Network encryption is used on all DAG networks for replication and seeding. |
InterSubnetOnly | Network encryption is used on DAG networks when replicating across different subnets. This is the default setting. |
SeedOnly | Network encryption is used on all DAG networks for seeding only. |
Set-DatabaseAvailabilityGroup -identity (DAGName) -NetworkEncryption enabled
Set DAG network encryption to enabled.
DAG network compression
DAGs support built-in compression. When compression is enabled, DAG network communication uses XPRESS, which is the Microsoft implementation of the LZ77 algorithm. For details, see
An Explanation of the Deflate Algorithm and section 3.1.4.11.1.2.1 "LZ77 Compression Algorithm" of
Wire Format Protocol Specification. This is the same type of compression used in many Microsoft protocols, in particular, MAPI RPC compression between Microsoft Outlook and Exchange.
As with network encryption, network compression is also a property of the DAG and not a DAG network. You configure DAG network compression by using the
Set-DatabaseAvailabilityGroup cmdlet in the Shell. The possible compression settings for DAG network communications are shown in the following table.
DAG network communication compression settings
Setting | Description |
Disabled | Network compression isn't used. |
Enabled | Network compression is used on all DAG networks for replication and seeding. |
InterSubnetOnly | Network compression is used on DAG networks when replicating across different subnets. This is the default setting. |
SeedOnly | Network compression is used on all DAG networks for seeding only. |
Return to top
Set-DatabaseAvailabilityGroup -identity (DAGName)-NetworkCompression enabled
The
Calendar Repair Assistant (CRA) is a configurable mailbox assistant that runs within the Microsoft Exchange Mailbox Assistants service on Microsoft Exchange Server 2010 Mailbox servers. The CRA detects and corrects inconsistencies that occur in single and recurring calendar items for mailboxes that are homed on the Mailbox server that is running the CRA. The purpose of this process is to make sure that recipients won't miss meetings or have unreliable meeting information.
In Exchange 2010 Service Pack 1 (SP1), the CRA was changed from a time-based assistant to a throttle-based assistant.
By default, the CRA is not set to run automatically. To configure the CRA to run and repair calendar inconsistencies, use the
set-mailboxserver cmdlet in the Exchange Management Shell to set the work cycle and work cycle checkpoint. The Exchange Management Console cannot be used to configure calendar repair log settings.
You must use the following
Set-MailboxServer cmdlet parameters to configure the CRA settings:
- CalendarRepairIntervalEndWindow This parameter specifies the number of days into the future to repair calendars. For example, if this parameter is set to 90, the CRA repairs calendars on the Mailbox server 90 days from the date it was set. The default value is 30 days.
- CalendarRepairMissingItemFixDisabled This parameter specifies that the CRA won't fix missing attendee calendar items for mailboxes homed on this Mailbox server. If an attendee is missing a calendar item, the item will be re-created. The default value is
$false
.
- CalendarRepairWorkCycle and CalendarRepairWorkCycleCheckpoint These parameters work together. The CalendarRepairWorkCycle parameter specifies the time span in which all mailboxes on the specified server will be scanned by the CRA. For example, if you specify seven days for this parameter, the CRA will process all mailboxes on this server every seven days. Calendars that have inconsistencies will be flagged and repaired according to the interval specified by the CalendarRepairWorkCycleCheckpoint parameter. For example, if you specify one day for this parameter, the CRA will query every day for new mailboxes that require processing.
Get current settings:
Get-MailboxServer -Identity (mailboxserver) | fl name,calendar*
Set to enabled:
Set-Mailboxserver -Identity (mailboxserver) -CalendarRepairMissingItemFixDisabled $false
Set the CRA to check all mailboxes on the server MAILBOXSERVER every seven days and to process all calendars that require repairs every day in that seven day cycle.
Set-MailboxServer -Identity (mailboxserver) -CalendarRepairWorkCycle 7.00:00:00 -CalendarRepairWorkCycleCheckpoint 1.00:00:00
Set the number of days into the future that the CRA validates calendars to 90 days on Mailbox server MBX02.
Set-MailboxServer -Identity MBX02 -CalendarRepairIntervalEndWindow 90
The Microsoft® Exchange Best Practices Analyzer Tool queries the Active Directory® directory service to determine whether the
msExchUseOAB attribute in the
msExchPrivateMDB class has been configured to use a specific offline address book for a particular mailbox store on a database. The
msExchPrivateMDB class determines the configuration on a private database. The value of the
msExchUseOAB attribute determines the specific offline address book that a particular mailbox store uses, and is the distinguished name of the offline address list that the users will download. If the Exchange Server Analyzer finds that the value for the offline address book for the mailbox store on the database is missing, the Analyzer tool displays an error message.
In Exchange 2000 Server and later versions, an offline address list is associated with all the users who are contained in an information store. Microsoft® Office Outlook® 2003 and later versions use the offline address book to provide offline access to directory information from the global address list (GAL) and from other address lists. A missing value for the
msExchUseOAB attribute causes offline address book errors for users in this information store. To view the current value for this attribute, use the following procedure.
To view the msExchUseOAB attribute in Active Directory
- Start the ADSI Edit tool. To do this, click Start, click Run, type adsiedit.msc, and then click OK. For more information about how to install or use ADSI Edit, see ADSI Edit (adsiedit.msc).
- Under the Configuration object, expand the following path:
- CN=Configuration,DC=contoso,DC=com
- CN=Services
- CN=Microsoft Exchange
- CN=<OrganizationName> (for example, First Organization)
- CN=Administrative Groups
- CN=Exchange Administrative Group
- CN=Servers
- CN=<ServerName>
- CN=InformationStore
- CN=<StorageGroupName> (for example, First Storage Group)
- In the details pane, right-click CN=Mailbox Database, and then click Properties.
Note Notice that msExchPrivateMDB appears in the Class column for this object.
- On the Attribute Editor tab, click msExchUseOAB, and then click Edit.
- Note the value that appears in the Value box. For example:
- <not set> (when the value is not set)
- CN=Default Offline Address Book,CN=Offline Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com (when the value is set to the default offline address book)
To resolve this issue, associate the offline address book with a mailbox store by using the procedures below.
To associate the Offline Address Book with a particular mailbox store in Exchange 2007 or in Exchange Server 2010
- Start the Exchange Management Console.
- Expand Server Configuration, and then click Mailbox.
- In the details pane, click the Database Management tab.
- Under the appropriate storage group (for example, First Storage Group), right-click Mailbox Database, and then click Properties.
- Click the Client Settings tab, and then click Browse next to Offline address book.
- Click the appropriate offline address book, and then click OK two times.
DAG not in DAC mode.
Datacenter Activation Coordination Mode
Datacenter Activation Coordination (DAC) mode is a property setting for a database availability group (DAG). DAC mode is disabled by default and should be enabled for all DAGs with two or more members that use continuous replication. DAC mode shouldn't be enabled for DAGs in third-party replication mode unless specified by the third-party vendor.
If a catastrophic failure occurs that affects the DAG (for example, a complete failure of one of the datacenters), DAC mode is used to control the startup database mount behavior of a DAG. When DAC mode isn't enabled and a failure occurs that affects multiple servers in the DAG, and then when a majority of the DAG members are restored after the failure, the DAG will restart and attempt to mount databases. In a multi-datacenter configuration, this behavior could cause
split brain syndrome, a condition that occurs when all networks fail, and DAG members can't receive heartbeat signals from each other. Split brain syndrome can also occur when network connectivity is severed between datacenters. Split brain syndrome is prevented by always requiring a majority of the DAG members (and in the case of DAGs with an even number of members, the DAG's witness server) to be available and interacting for the DAG to be operational. When a majority of the members are communicating, the DAG is said to have quorum.
For example, consider a scenario where the first datacenter contains two DAG members and the witness server, and the second datacenter contains two other DAG members. If the first datacenter loses power and you activate the DAG in the second datacenter (for example, by activating the alternate witness server in the second datacenter), if the first datacenter is restored without network connectivity to the second datacenter, the active databases within the DAG may enter a split brain condition.
DAC mode is designed to prevent split brain from occurring by including a protocol called Datacenter Activation Coordination Protocol (DACP). After a catastrophic failure, when the DAG recovers, it won't automatically mount databases even though the DAG has a quorum. Instead DACP is used to determine the current state of the DAG and whether Active Manager should attempt to mount the databases.
You might think of DAC mode as an application level of quorum for mounting databases. To understand the purpose of DACP and how it works, it's important to understand the primary scenario it's intended to handle. Consider the two-datacenter scenario. Suppose there is a complete power failure in the primary datacenter. In this event, all of the servers and the WAN are down, so the organization makes the decision to activate the standby datacenter. In almost all such recovery scenarios, when power is restored to the primary datacenter, WAN connectivity is typically not immediately restored. This means that the DAG members in the primary datacenter will power up, but they won’t be able to communicate with the DAG members in the activated standby datacenter. The primary datacenter should always contain the majority of the DAG quorum voters, which means that when power is restored, even in the absence of WAN connectivity to the DAG members in the standby datacenter, the DAG members in the primary datacenter have a majority and therefore have quorum. This is a problem because with quorum, these servers may be able to mount their databases, which in turn would cause divergence from the actual active databases that are now mounted in the activated standby datacenter.
DACP was created to address this issue. Active Manager stores a bit in memory (either a 0 or a 1) that tells the DAG whether it's allowed to mount local databases that are assigned as active on the server. When a DAG is running in DAC mode, each time Active Manager starts up the bit is set to 0, meaning it isn't allowed to mount databases. Because it's in DAC mode, the server must try to communicate with all other members of the DAG that it knows to get another DAG member to give it an answer as to whether it can mount local databases that are assigned as active to it. The answer comes in the form of the bit setting for other Active Managers in the DAG. If another server responds that its bit is set to 1, it means servers are allowed to mount databases, so the server starting up sets its bit to 1 and mounts its databases.
But when you recover from a primary datacenter power outage where the servers are recovered but WAN connectivity has not been restored, all of the DAG members in the primary datacenter will have a DACP bit value of 0; and therefore none of the servers starting back up in the recovered primary datacenter will mount databases, because none of them can communicate with a DAG member that has a DACP bit value of 1.
DAC mode for DAGs with two members
DAGs with two members have inherent limitations that prevent the DACP bit alone from fully protecting against application-level split brain syndrome. For DAGs with only two members, DAC mode also uses the boot time of the DAG's alternate witness server to determine whether it can mount databases on startup. The boot time of the alternate witness server is compared to the time when the DACP bit was set to 1.
- If the time the DACP bit was set is earlier than the boot time of the alternate witness server, the system assumes that the DAG member and witness server were rebooted at the same time (perhaps because of power loss in the primary datacenter), and the DAG member isn't permitted to mount databases.
- If the time that the DACP bit was set is more recent than the boot time of the alternate witness server, the system assumes that the DAG member was rebooted for some other reason (perhaps a scheduled outage in which maintenance was performed or perhaps a system crash or power loss isolated to the DAG member), and the DAG member is permitted to mount databases.
Important: |
Because the alternate witness server's boot time is used to determine whether a DAG member can mount its active databases on startup, you should never restart the alternate witness server and the sole DAG member at the same time. Doing so may leave the DAG member in a state where it can't mount databases on startup. If this happens, you must run the Restore-DatabaseAvailabilityGroup cmdlet on the DAG. This resets the DACP bit and permits the DAG member to mount databases. |
Other benefits of DAC mode
In addition to preventing split brain syndrome at the application level, DAC mode also enables the use of the built-in site resilience cmdlets used to perform datacenter switchovers. These include the following:
- Stop-DatabaseAvailabilityGroup
- Restore-DatabaseAvailabilityGroup
- Start-DatabaseAvailabilityGroup
Performing a datacenter switchover for DAGs that aren't in DAC mode involves using a combination of Exchange tools and cluster management tools.
DAC mode can be enabled only by using the Exchange Management Shell. Specifically, you can use the
Set-DatabaseAvailabilityGroup cmdlet to enable and disable DAC mode, as illustrated in the following example.
In the preceding example, the DAG DAG2 is enabled for DAC mode.
Shadow redundancy in Microsoft Exchange Server 2010 provides a high availability mechanism for messages for the entire time that the messages are in transit. To learn more about shadow redundancy, see
Understanding Shadow Redundancy. You can use the Exchange Management Shell to configure shadow redundancy in your organization.
Set-TransportConfig -ShadowRedundancyEnabled $true
Set-TransportConfig -ShadowHeartbeatTimeoutInterval 00:30:00
Set-TransportConfig -ShadowMessageAutoDiscardInterval 04:00:00
Set-ReceiveConnector "Custom App Receive Connector" -MaxAcknowledgementDelay 0
Enable Shadow Redundancy Promotion
To complete this procedure, you must have local administrator permissions on the Hub Transport server.
- Edit the Edgetransport.exe.config file. By default, this file is located in the C:\Program Files\Microsoft\Exchange Server\V14\Bin directory.
- In the Edgetransport.exe.config file, change the shadowredundancypromotionenabled key to true, and then save the changes.
- Restart the Microsoft Exchange Transport service (MSExchangeTransport.exe).